Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

“Users” can be members of one or more Security Groups. Functional aspects of Users with

respect to Security include…

Security Group access is “additive”—if a user is a member one or more Security Groups that do not have access to something, but are a member of at least one group that has the access, the user will have access.

One exception to this is qualified data restrictions, which applies additional filters for users regardless of access from other Security Groups.

User configuration can be defined by the user via the Profile functions or from the Users application (usually administrators only for the latter.)

InfoCenter material and Redbook describing configuration for this is availablehttp://publib.boulder.ibm.com/infocenter/tivihelp/v10r1/topic/com.ibm.ccmdb.doc_7.1.1/security/c_sec_overview.htmlhttp://www.redbooks.ibm.com/abstracts/SG247565.html

The MAXADMIN Security Group/maxadmin user doesn’t have access to the TPM applications by default.

With the initial installation, there are not any users configured as members of the TP* security groups. The quickest paths for adding user access for the Provisioning apps are…

If VMM or LDAP sync isn’t enabled, simply log in as maxadmin and run the “AssignMAXADMIN_to_TP_Groups” Web Replay scenario (this scenario assigns maxadmin to all of the TP* Security Groups.)

If VMM or LDAP sync are enabled, you can add these users and group assignments from any appropriate user management interface, e.g. if using VMM, can configure Users and Group assignment from the Websphere Admin Console.

The TPADMIN Security Group does not have general Security Group or configuration customization access for the deployment. (By design, Security configuration and general Provisioning application access are in separate roles.) It is possible to assign a user to be both a member of TPADMIN and MAXADMIN in order to have access to all of the applications available in these Security Groups.

Similar to functionality that was provided in TPM 5.1.1, it’s possible to define “read-only” or

“hidden” access to particular DCM object sets based on Provisioning Group set definitions.

These definitions are associated with Tpae Security Groups. I.e., if a Provisioning Group data restriction is defined for a Security Group and a user is a member of that Security Group, the user will be restricted regarding which objects are visible or manageable.